ClawHub

MiMo 联网搜索

Security checks across malware telemetry and agentic risk

Overview

This search skill appears to do what it claims, but its unsafe shell-based implementation could let a crafted search query run local commands.

Review carefully before installing. Do not use this skill on sensitive machines or with sensitive queries unless the shell-based curl implementation is replaced with a safe HTTPS client or argument-based subprocess call. Use a limited MiMo API key, expect queries to be sent to Xiaomi's service and billed, and avoid logging raw prompts or search results.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The skill constructs a shell command using untrusted data and executes it via child_process.exec, which invokes a shell. Because both the API key and the JSON payload are interpolated directly into the curl command, specially crafted query content can break quoting and trigger command injection, while also exposing secrets through process arguments and logs.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README explicitly recommends logging search queries and results, but it does not warn that queries may contain sensitive user data and results may include confidential or regulated information. In an agent skill context, this can lead to unnecessary retention of prompts, search terms, and externally retrieved content in logs, increasing privacy, compliance, and data exposure risk.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The README instructs users to configure and use an external web-search API but does not clearly disclose that search queries are transmitted to a third-party service. In a skill environment, users may unknowingly send proprietary, personal, or regulated data off-system, which is a meaningful privacy and data-governance risk even if the integration is otherwise legitimate.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation instructs users to send prompts and search queries to a third-party API endpoint but does not clearly warn that user content will leave the local environment and be processed externally. In an agent skill context, users may unknowingly transmit sensitive prompts, code, or proprietary data, creating privacy and compliance risk.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The skill sends user queries to a third-party API without any user-facing notice, consent mechanism, or data classification controls. In a search skill this behavior is expected functionally, but it still creates privacy and compliance risk if prompts contain sensitive, proprietary, or regulated information.

External Transmission

Medium
Category
Data Exfiltration
Content
### 4. 在 OpenClaw 中使用
```javascript
// 在 OpenClaw 会话中调用
const command = `curl -X POST "https://api.xiaomimimo.com/v1/chat/completions" \
  -H "api-key: $MIMO_API_KEY" \
  -H "Content-Type: application/json" \
  -d '${JSON.stringify({
Confidence
88% confidence
Finding
curl -X POST "https://api.xiaomimimo.com/v1/chat/completions" \ -H "api-key: $MIMO_API_KEY" \ -H "Content-Type: application/json" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
### 4. 在 OpenClaw 中使用
```javascript
// 在 OpenClaw 会话中调用
const command = `curl -X POST "https://api.xiaomimimo.com/v1/chat/completions" \
  -H "api-key: $MIMO_API_KEY" \
  -H "Content-Type: application/json" \
  -d '${JSON.stringify({
Confidence
88% confidence
Finding
https://api.xiaomimimo.com/

External Transmission

Medium
Category
Data Exfiltration
Content
}
  };

  // 构建 curl 命令
  const curlCommand = `curl -X POST "https://api.xiaomimimo.com/v1/chat/completions" \
    -H "api-key: ${apiKey}" \
    -H "Content-Type: application/json" \
Confidence
89% confidence
Finding
curl 命令 const curlCommand = `curl -X POST "https://api.xiaomimimo.com/v1/chat/completions" \ -H "api-key: ${apiKey}" \ -H "Content-Type: application/json" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
};

  // 构建 curl 命令
  const curlCommand = `curl -X POST "https://api.xiaomimimo.com/v1/chat/completions" \
    -H "api-key: ${apiKey}" \
    -H "Content-Type: application/json" \
    -d '${JSON.stringify(requestData)}'`;
Confidence
84% confidence
Finding
https://api.xiaomimimo.com/

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal